Saturday, January 12, 2019

How to create VLANs / Segment this network with Cisco SG-200

My boss put me in charge to lead an infrastructure rebuild/relocation for a small company, but it was slightly above my experience level.

The only thing I did wrong is put POS systems and everything else all in the same network because I wasn't aware that to be PCI DSS Compliant all POS traffic must be segmented away from user devices. He left me on site with someone who barely knows the difference between DHCP and DNS. And then when I was asking for help on how to create the VLANs on an SG200 and get it all to work on separate networks, he got mad and told me it's a "very simple task" but couldn't explain how to do it.

Anyway, I have attached pictures of the original topology and the new one, and wondering what I need to do to separate the POS systems from the user devices. In the "new topology" picture, the devices outlined in red boxes are what I need to separate from everything else.

If I run another line to Building B, I can just bring that TP-Link back in the picture, and do it the same way it was before. But the same boss told me not to run a new line to building B, just recover the existing line and use it as an uplink. That's when I realized to do that, I needed to eliminate the TP-Link router because there wouldn't be a way to connect that other POS device to it and still power the AP in Building B. He says the SG-200 is an L3 switch but I don't think it is. And I'm almost certain the 8-port is not an L3 switch, but he said that didn't matter, it would just send the traffic to the SG and the SG would handle routing it? Huh?

I hate the SG switches. I feel like I would have had better luck creating VLANs with a switch that had CLI. Couldn't figure out how to join ports to VLANs and create the trunks to allow traffic on both VLANs from building B. Really frustrated me but I'm glad he trusts me and allows me to lead projects. But from these diagrams you can see it's not "very simple". Hence why he couldn't explain over the phone how exactly to do it. I know this is small stuff compared to what some of you guys do, but any help is appreciated.

OLD TOPOLOGY:

https://imgur.com/ilaKUe5

NEW TOPOLOGY:

https://imgur.com/B9McKpj

Again, the devices outlined by red boxes are what need to be segregated as they are touch screen POS devices. Is it possible to do this with the equipment mentioned? The 8-port is some small Cisco w/ PoE offering, not even sure if it's managed.

EDIT: The 8 port is an SG-110 (8) which is UNMANAGED

The router is Cisco DPC3941B and I'm investigating now whether it can accomplish my task.
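Added illustration (not part of the post, and not Cisco's own configuration or software): a small Python model of 802.1Q access/trunk forwarding that checks whether a proposed port layout actually keeps the POS hosts and the user devices apart. Switch names, port numbers, VLAN IDs and host names are assumptions. It covers the two layouts the post is weighing: an unmanaged 8-port switch in Building B on the recovered uplink, and a VLAN-aware switch in its place with one access port per VLAN.

```python
"""Toy model of 802.1Q access/trunk forwarding, used to check whether a port
layout keeps POS hosts and user hosts apart. Constructed example: switch
names, port numbers, VLAN IDs and host names are assumptions, not the real
topology from the post."""
from collections import deque
from dataclasses import dataclass

USER_VLAN, POS_VLAN, NATIVE_VLAN = 10, 20, 1
DROP = object()   # sentinel: frame discarded on ingress


@dataclass(frozen=True)
class Port:
    mode: str                            # "access", "trunk" or "unmanaged"
    pvid: int = NATIVE_VLAN              # access VLAN, or native VLAN of a trunk
    allowed: frozenset = frozenset()     # tagged VLANs a trunk will carry


class Switch:
    def __init__(self, name, ports):
        self.name, self.ports = name, ports

    def ingress(self, port, tag):
        """Classify an arriving frame (tag=None means untagged) into a VLAN."""
        p = self.ports[port]
        if p.mode == "unmanaged":        # no VLAN awareness: carry the tag as-is
            return tag
        if p.mode == "access":           # simplification: access ports drop tagged frames
            return p.pvid if tag is None else DROP
        if tag is None:                  # trunk: untagged traffic lands in the native VLAN
            return p.pvid
        return tag if tag in p.allowed else DROP

    def egress(self, port, vlan):
        """Return (forward?, outgoing tag) for a frame in `vlan` leaving `port`."""
        p = self.ports[port]
        if p.mode == "unmanaged":
            return True, vlan
        if p.mode == "access":
            return vlan == p.pvid, None
        if vlan == p.pvid:               # native VLAN leaves a trunk untagged
            return True, None
        return vlan in p.allowed, vlan


class Network:
    def __init__(self):
        self.switches, self.hosts, self.links = {}, {}, {}

    def add_switch(self, sw):
        self.switches[sw.name] = sw

    def attach_host(self, host, sw, port):
        self.hosts[(sw, port)] = host

    def link(self, a, b):
        self.links[a], self.links[b] = b, a

    def broadcast(self, host):
        """Hosts that hear an untagged broadcast from `host`.
        End hosts are plain NICs here: they ignore tagged frames."""
        start = next(loc for loc, h in self.hosts.items() if h == host)
        queue, seen, received = deque([(*start, None)]), set(), set()
        while queue:
            sw_name, in_port, tag = queue.popleft()
            if (sw_name, in_port, tag) in seen:
                continue
            seen.add((sw_name, in_port, tag))
            sw = self.switches[sw_name]
            vlan = sw.ingress(in_port, tag)
            if vlan is DROP:
                continue
            for out_port in sw.ports:          # flood to every other port
                if out_port == in_port:
                    continue
                forward, out_tag = sw.egress(out_port, vlan)
                if not forward:
                    continue
                here = (sw_name, out_port)
                if here in self.links:
                    queue.append((*self.links[here], out_tag))
                elif here in self.hosts and out_tag is None:
                    received.add(self.hosts[here])
        received.discard(host)
        return received


# Building A: SG200 with one access port per VLAN and a tagged uplink on port 8.
SG200 = Switch("SG200", {1: Port("access", USER_VLAN), 2: Port("access", POS_VLAN),
                         8: Port("trunk", NATIVE_VLAN, frozenset({USER_VLAN, POS_VLAN}))})
GROUPS = {"POS": {"POS1", "POS2"}, "USER": {"PC1", "AP"}}


def wire(net, b_switch):
    """Same hosts and uplink in both layouts; only the Building B switch differs."""
    net.attach_host("PC1", "SG200", 1)
    net.attach_host("POS1", "SG200", 2)
    net.attach_host("POS2", b_switch, 2)
    net.attach_host("AP", b_switch, 3)
    net.link(("SG200", 8), (b_switch, 1))


def building_b_unmanaged():
    """Building B keeps the unmanaged 8-port switch on the recovered uplink."""
    net = Network()
    net.add_switch(SG200)
    net.add_switch(Switch("SG110", {p: Port("unmanaged") for p in (1, 2, 3)}))
    wire(net, "SG110")
    return net


def building_b_managed():
    """Building B gets a VLAN-aware switch: trunk uplink, one access port per VLAN."""
    net = Network()
    net.add_switch(SG200)
    net.add_switch(Switch("SWB", {1: Port("trunk", NATIVE_VLAN, frozenset({USER_VLAN, POS_VLAN})),
                                  2: Port("access", POS_VLAN), 3: Port("access", USER_VLAN)}))
    wire(net, "SWB")
    return net


def segmentation_violations(net, groups=GROUPS):
    """(sender, receiver) pairs where a broadcast crosses between groups."""
    owner = {h: g for g, hosts in groups.items() for h in hosts}
    return [(src, dst) for src in sorted(owner)
            for dst in sorted(net.broadcast(src)) if owner[dst] != owner[src]]


if __name__ == "__main__":
    for build in (building_b_unmanaged, building_b_managed):
        net = build()
        print(build.__name__, {h: sorted(net.broadcast(h)) for h in sorted(owner for g in GROUPS.values() for owner in g)},
              "violations:", segmentation_violations(net))
```

With the unmanaged switch in Building B, POS2 and the AP hear each other's untagged frames directly, and the POS VLAN traffic arriving tagged from the SG200 is never delivered to POS2 at all, which is the wall the post ran into. With a VLAN-aware switch in Building B and the uplink on both ends configured as a trunk carrying both VLANs, the model reports no cross-group reachability. The model deliberately has no router, so it says nothing about inter-VLAN routing or firewalling between the two VLANs; that part still depends on whatever device does L3 for the site.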
